diff --git a/modules/hosts/soteria/soteria.nix b/modules/hosts/soteria/soteria.nix
index 56e3e2a..3e9be47 100644
--- a/modules/hosts/soteria/soteria.nix
+++ b/modules/hosts/soteria/soteria.nix
@@ -26,42 +26,6 @@ in
 hostname = hostname;
 caURL = caURL;
 };
- sops.defaultSopsFile = ./secrets.yaml;
- sops.secrets."janus/admin_password" = {
- owner = "${hostname}";
- };
- # mtls = {
- # enable = true;
- # subject = hostname;
- # caURL = caURL;
- # san = [
- # "${hostname}.john-stream.com"
- # # "192.168.1.244"
- # ];
- # };
-
- # restic.envoy = {
- # enable = true;
- # port = 10000;
- # spiffePrefix = "spiffe://john-stream.com";
- # upstreamHost = "127.0.0.1";
- # upstreamPort = 8000;
- # logLevel = "debug";
- # policies = {
- # ubuntu-policy = {
- # pathPrefix = "/john-ubuntu";
- # principal = "spiffe://john-stream.com/ubuntu";
- # };
- # p14-policy = {
- # pathPrefix = "/john-p14s";
- # principal = "spiffe://john-stream.com/john-p14s";
- # };
- # gitea-policy = {
- # pathPrefix = "/gitea";
- # principal = "spiffe://john-stream.com/gitea";
- # };
- # };
- # };
 home-manager.users."${username}" = {
 imports = with inputs.self.modules; [
@@ -72,17 +36,19 @@ in
 ];
 };
- flake.modules.homeManager."${hostname}" = { config, ... }: {
+ flake.modules.homeManager."${hostname}" = { config, lib, pkgs, ... }: {
 imports = with inputs.self.modules; [
 homeManager.rebuild
 homeManager.mysops
 homeManager.mtls
+ homeManager.docker
 ];
 homeManagerFlakeDir = "${config.xdg.configHome}/home-manager";
 home.username = "${username}";
 home.homeDirectory = "/home/${username}";
 shell.program = "zsh";
+ docker.enable = true;
 home.file.".step/config/defaults.json".text = builtins.toJSON {
 "ca-url" = "https://janus.john-stream.com/";
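Review bot: `docker.enable = true;` switches on a module whose effect on the user's privileges is not visible in this diff, and nothing in the hunk says why the home-manager module now needs Docker; the only consumer visible in this commit is the `mtls.renew.postCommands` entry in the last hunk that restarts the envoy container. A one-line comment would tie the two together, e.g. `docker.enable = true; # docker CLI is used by mtls.renew.postCommands to restart the envoy container`. If the `homeManager.docker` module also adds the user to the `docker` group, that is worth recording next to this line as well, since membership in that group is effectively root on the host — confirm against the module. The module function continues past the end of the hunk.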
@@ -90,6 +56,12 @@ in root = "${config.home.homeDirectory}/.step/certs/root_ca.crt"; }; + # sops.secrets."janus/admin_password" = { + # path = "${config.home.homeDirectory}/.janus"; + # mode = "0400"; + # sopsFile = ./secrets.yaml; + # }; + mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/modules/hosts/soteria/secrets.yaml"; mtls = { enable = true; @@ -99,8 +71,9 @@ in "${hostname}.john-stream.com" "192.168.1.142" ]; + lifetime = "1h"; renew.postCommands = [ - "docker restart envoy" + "${lib.getExe pkgs.docker} restart envoy" ]; }; };
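Review bot: The commented-out `sops.secrets."janus/admin_password"` block is dead configuration; with the host-level definition of the same secret removed in the first hunk, this diff leaves no active sops declaration for `janus/admin_password`, so a reader cannot tell whether the secret is now provided through `mysops.hostSecretFile` or is simply no longer managed. Either delete the block or add a comment stating where the secret now comes from, e.g. `# janus/admin_password is intentionally not declared here; it is supplied via mysops.hostSecretFile below`, if that is indeed the intent. The enclosing module function starts and ends outside the hunk.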
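Review bot: With `lifetime = "1h";` the renewal hook will run `docker restart envoy` on every renewal, and at that lifetime renewals are frequent (the exact cadence is set by the `mtls` module, not visible here), so envoy is hard-restarted — dropping in-flight connections — many times a day. If envoy can pick up the renewed certificate without a full container restart, that is preferable; otherwise record the trade-off next to the option, e.g. `lifetime = "1h"; # short-lived leaf: every renewal restarts the envoy container via renew.postCommands`. Using `${lib.getExe pkgs.docker}` instead of a bare `docker` is an improvement, but whether the renewal runs in a context that can reach the Docker socket is not visible here and should be confirmed. The `mtls` attribute set begins outside the hunk.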